Welcome to our tutorial on how to install and configure local DNS Server using Dnsmasq on Ubuntu 20.04. “Dnsmasq is a lightweight, easy to configure, DNS forwarder and DHCP server. It is designed to provide DNS and optionally, DHCP and TFTP, to a small network. It can serve the names of local machines which are not in the global DNS“.
If you want to save yourself the hustle of having to configure the DNS server the BIND9 way, using Dnsmasq is the simplest and quickest way to get your local DNS server up and running.
In this setup, therefore, we will be configuring Dnsmasq as our local caching DNS server to speed to the local DNS resolution.
Configure Local DNS Server using Dnsmasq on Ubuntu 20.04
Run System Update
Update your system package cache;
Dnsmasq is available on the Ubuntu 20.04 Universe repos. However, before you can install
dnsmasq on Ubuntu 20.04, disable Systemd-resolved service (system service that provides network name resolution to local applications).
systemctl disable --now systemd-resolved
Remove the default resolv.conf file and create a new one with your custom DNS server details to enable you do the installation.
rm -rf /etc/resolv.conf
echo "nameserver 188.8.131.52" > /etc/resolv.conf
Once that is done, Dnsmasq can be installed by running the command below;
apt install dnsmasq
Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: dns-root-data dnsmasq-base libidn11 Suggested packages: resolvconf The following NEW packages will be installed: dns-root-data dnsmasq dnsmasq-base libidn11 0 upgraded, 4 newly installed, 0 to remove and 73 not upgraded. Need to get 382 kB of archives. After this operation, 1,155 kB of additional disk space will be used. Do you want to continue? [Y/n] y
This installs and starts and enables Dnsmasq service to run on system boot.
systemctl status dnsmasq
● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2020-10-06 19:12:31 UTC; 15s ago Main PID: 17726 (dnsmasq) Tasks: 1 (limit: 2282) Memory: 868.0K CGroup: /system.slice/dnsmasq.service └─17726 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service --trust-anchor=.,20326,8,2,e> Oct 06 19:12:31 ubuntu20 systemd: Starting dnsmasq - A lightweight DHCP and caching DNS server... Oct 06 19:12:31 ubuntu20 dnsmasq: dnsmasq: syntax check OK. Oct 06 19:12:31 ubuntu20 dnsmasq: started, version 2.80 cachesize 150 Oct 06 19:12:31 ubuntu20 dnsmasq: DNS service limited to local subnets Oct 06 19:12:31 ubuntu20 dnsmasq: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify dumpfi> Oct 06 19:12:31 ubuntu20 dnsmasq: reading /etc/resolv.conf Oct 06 19:12:31 ubuntu20 dnsmasq: using nameserver 184.108.40.206#53 Oct 06 19:12:31 ubuntu20 dnsmasq: read /etc/hosts - 7 addresses Oct 06 19:12:31 ubuntu20 systemd: Started dnsmasq - A lightweight DHCP and caching DNS server.
Once Dnsmasq is installed, you can now proceed to configure it as the local caching DNS server on Ubuntu 20.04.
/etc/dnsmasq.conf is the default Dnsmasq configuration file. To configure dnsmasq therefore, you need to edit the
First off, create a copy of the configuration file;
Next, open the configuration file for editing;
The file is well commented and all configuration options are self explanatory.
To begin with, set the port on which Dnsmasq will listen for DNS requests. This defaults to port 53 UDP by default. You can as well explicitly set the port using the
Disable forwarding of names without a dot or domain part;
Disable forwarding of addresses in the non-routed address spaces;
Define an interface (eg,
interface=enp0s8) or the IP address (e.g,
listen-address=192.168.x.x) on which the Dnsmasq can listen for the DNS requests. This usually defaults to the loopback address. In this setup, we set the Dnsmasq to respond to both internal and external DNS requests via a loopback and non-loopback interface IP.
Replace you interface IP address accordingly.
Enable Dnsmasq to automatically append the domain part to the simple names;
Set the domain for dnsmasq to append to simple names;
Adjust the size of the cached domain names. The default is
The above configuration options are enough for the basic local caching DNS server using Dnsmasq.
Without comment lines, this is how our Dnsmasq configuration file looks like;
port=53 domain-needed bogus-priv listen-address=127.0.0.1,192.168.57.3 expand-hosts domain=kifarunix-demo.com cache-size=1000
Save and exit the configuration file once done making changes.
Add the Dnsmasq DNS server IP on /etc/hosts file
Next, add the Dnsmasq IP address as the primary DNS server on the
sed -i '1i nameserver 192.168.57.3' /etc/resolv.conf
/etc/resolv.conf now looks like;
nameserver 192.168.57.3 nameserver 220.127.116.11
Add local DNS Records to Dnsmasq Server
Add local DNS entries on the Dnsmasq server
echo -e “192.168.57.19 centos8.kifarunix-demo.com\n192.168.57.6 ubuntu18.kifarunix-demo.com” >> /etc/hosts
Do the same for your other local domain names.
Run Dnsmasq configuration check;
dnsmasq: syntax check OK.
systemctl restart dnsmasq
Confirming Port 53;
netstat -alnp | grep -i :53
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 18313/dnsmasq tcp6 0 0 :::53 :::* LISTEN 18313/dnsmasq udp 0 0 0.0.0.0:53 0.0.0.0:* 18313/dnsmasq udp6 0 0 :::53 :::* 18313/dnsmasq
Note that dnsmasq binds to the wildcard address, even when it is listening on only some interfaces. This has the advantage of working even when interfaces come and go and change address.
Open DNS Port on UFW
If UFW is enabled, open the DNS port 53, UDP.
ufw allow from 192.168.0.0/16 to any port 53 proto udp
Update your source network accordingly.
Verify DNS resolution
Local domain resolution;
dig ubuntu18.kifarunix-demo.com +short
External DNS resolution;
dig google.com +short
Configure DNS Server on Remote Clients
Now that the Dnsmasq is ready to server out both DNS local and external queries via the local DNS server, update the DNS entry for the clients on the /etc/resolv.conf.
echo "nameserver 192.168.57.3" > /etc/resolv.conf
Replace the Dnsmasq IP accordingly.
Perform local dns queries;
; <<>> DiG 9.11.13-RedHat-9.11.13-6.el8_2.1 <<>> ubuntu18.kifarunix-demo.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57550 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;ubuntu18.kifarunix-demo.com. IN A ;; ANSWER SECTION: ubuntu18.kifarunix-demo.com. 0 IN A 192.168.57.3 ;; Query time: 1 msec ;; SERVER: 192.168.57.3#53(192.168.57.3) ;; WHEN: Tue Oct 06 00:20:02 EAT 2020 ;; MSG SIZE rcvd: 72
Now, let us time the DNS queries using the drill utility. To use this tool, you need to install
ldns-utils package on CentOS or
ldnsutils package on Ubuntu. Assuming the packages are installed, use
drill utility to verify DNS caching;
First time query run;
drill google.com | grep "Query time"
;; Query time: 25 msec
Second time query;
drill google.com | grep "Query time"
;; Query time: 1 msec
Hurraaay!! the Dnsmasq is now configured and running a local caching DNS server. That marks the end of our tutorial on how to install and configure local DNS server using Dnsmasq on Ubuntu 20.04.